It’s all well and good for us to recommend that you avoid phishing attacks and infected attachments simply by not clicking on the links in emails and other popular vectors of attacks, but the fact of the matter is that you might need to click on one at some point. In this case, it’s best to check the link before clicking it, and we’re here to offer tools to help you do so.
There are plenty of reasons not to trust a link, but it hurts extra to be scrutinizing over a link that someone close sends you. Even if it seems innocent enough, there is always the threat that the sender has been compromised. It’s generally best practice to get secondary confirmation from the sender that the link is safe to open. If you cannot verify the identity of the one who sent the email through a secondary measure, then you must treat the message with more suspicion.
It’s important to do this in the business setting, too. You never know what kind of tomfoolery your coworkers or colleagues are up to that might lead them to getting compromised in some way. If they fall for it, then so can you. If they get infected by malware, it could replicate and spread quickly, and before you know it, you’re not the only new victim; everyone in your contacts or beyond could become one, too.
First, let’s establish what we mean when we say “link.” A link is any text or graphic that is clickable and redirects you to another page in your browser. The link might be written out with https:// and the full URL, but it might be shortened or embedded into the text itself.
For example, if it is a link to PayPal, it might look something like this:
Or the link could also look something like this: Get Started with PayPal
Of course, if you’re paying attention, then you should have realized that neither of those links above go directly to PayPal. They instead take you to a Whoopee cushion on Amazon. Surprise! This should prove that it can be remarkably easy to trick someone into going to a different web page than the one addressed in the text or images.
Suffice it to say, if the link is embedded in a graphic, button, icon, picture, or otherwise, it can be easy to spoof. To prove it’s secure, you need the URL itself. You can get this by doing the following:
On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”
Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste)
On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”
Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.
If you want to check the legitimacy of a link, you can do so by using the tools below. They won’t save you from every single scam out there, but they can give you an idea of if the link exposes you to known threats. You can also cross-reference using multiple tools.
Norton Safe Web
Norton Safe Web provides a free online tool you can use to check a link. It will provide a rating for how safe it might be. If Norton thinks the link is dangerous, it probably is, but if the link is untested by Norton, redirect your testing practices elsewhere: https://safeweb.norton.com/
PhishTank is a site that tells you if a link has been reported as a phishing scam. Because phishing links are designed to look quite similar to legitimate web pages, you can imagine that it gets a little problematic. For example, a phishing URL might use a page that looks just like the PayPal login page. You can access PhishTank here: https://www.phishtank.com/
Google’s Transparency Report
Google’s search engine is constantly crawling the Internet and indexing pages. If it finds malicious entities or phishing risks, it properly documents them in its transparency report. You can use this tool to identify if there is a risk associated with the provided link. Access the transparency report here: https://transparencyreport.google.com/safe-browsing/search
Scan the Link with VirusTotal
The VirusTotal scanning tool is also helpful as a last-ditch effort to look at the legitimacy of a link. You can access this tool here: https://www.virustotal.com/gui/home/url
Of course, it’s also possible that an unknown phishing scam or malware could make their way past these tools. They are only specifically designed to address known threats, so if you have any doubts or suspicions, you should always err on the side of caution.
If you ever need to check a link or you want to know that a message is authentic, you can always ask the security professionals at TechNet Task Group. To learn more, give us a call at (716) 685-1181.